About
An experienced leader of cyber and information security risk, governance, and management with over 25 years of overall professional working experience; more than 15 years of senior level information security management responsibility, including executive and board level program and risk reporting.
A diverse background and in-depth knowledge, skills, and abilities in enterprise level strategy and management of cyber, information security, operational risk, enterprise architecture, IT services, project and systems/software development life cycle, e-commerce, cloud computing, operational technology (OT), disruptive tech, digital banking, and core business systems. This is all supported by a traditional engineering discipline with a focus on business objectives and the customer.
Expertise includes security strategies, tactics, and risk management - development, implementation and management of frameworks; policies; programs; operations and incident response; threat and risk assessments; and assurance services.
Industry certifications include: C|CISO, CRISC®, CGEIT®, CISM®, CISA®, CDPSE™, CISSP®-ISSMP® and actively participates in the local, national, and international information security, IT governance and risk community.
Articles by Michael
-
Seeking the next generation of cybersecurity pros from the booming eSports community
By Michael Leung .🇨🇦
Activity
-
🤖 ⏲️ Artificial intelligence could lower the average workweek and stimulate digital consumption. During the 80 years between the Second Industrial…
Shared by Michael Leung .🇨🇦
-
💥 🌊 The number of DDoS attacks grew by 94% in 2023 compared to 2022, building on the previous year’s growth of 99%. The number of attacks has been…
Shared by Michael Leung .🇨🇦
-
🤖 💥 Assisted by generative #AI and who knows what new improved AI technology 2024 will bring, threat actors are better equipped than ever to…
Shared by Michael Leung .🇨🇦
Volunteer Experience
-
Member of Provincial Security Advisory Council (PSAC)
Government of British Columbia
- Present 7 years
Science and Technology
Member of a confidential forum for the BC Government’s Office of the CISO, and a diverse set of local, Information Security practitioners from the BC business community to openly exchange ideas and observations, and develop practical solutions about current cyber security challenges. A model for cooperation and information sharing in cybersecurity between private sector and government.
https://www2.gov.bc.ca/gov/content/governments/services-for-government/information-management-technology/information-security/provincial-security-advisory-council
-
Technical Reviewer - Cybersecurity Capability Assessment Model
CMMI Institute
- 1 year
Science and Technology
Review and provide feedback on the development of the CMMI® Cybermaturity Platform, a comprehensive enterprise cybersecurity capability and risk assessment platform to enable business and technology leaders to view and assess all facets of their cybersecurity program and capabilities through a risk lens and develop a cohesive cyberstrategy. The cloud-based platform, an ISACA Cyber Solution, was developed through research and testing with hundreds of CISOs, CIOs and CSOs. The platform features custom risk profiling, assessment, gap analyses and roadmap functions.
-
Member of the Board of Directors
Three Links Care Society
- 2 years
Health
Providing governance and oversight in the organization's new three-year strategic plan and growth to 2020. Demonstrating ongoing commitment to enhancing the lives of individuals in the community through its six strategic priorities that build on its strengths and anticipate opportunities and risk:
- continuously improving quality of life and complex care services
- developing and nurturing a quality team
- strengthening governance
- promoting innovation
- communication and community engagement
- effective housing management
Publications
-
OWASP Top 10 Proactive Controls 2018: How it makes your code more secure
TechBeacon
The controls, introduced in 2014, have filled a gap for practitioners preaching the gospel of security to developers. OWASP's new list, written for developers and not security geeks, is intended to help organizations "shift left" with security.
"Giving them guidance that was practical was challenging. The OWASP Top 10 Proactive Controls helped a lot."
"Developers should look at the list as a starting point. It provides some practical guidance to build secure software."
-
Year in Review: 2011-2012
ISACA Vancouver Chapter
The 2011-2012 board is pleased to issue the first ISACA Vancouver Chapter Year in Review Report, which was distributed at our AGM on June 26, 2012.
35 years ago, on July 5, 1977, Dr. Hart J. Will, Associate Professor at UBC, along with other key assurance professionals, submitted a Chapter Formation Proposal. The following year, in 1978, the Vancouver Chapter was established.
As President of the ISACA Vancouver Chapter for 2011-2012, I and the rest of the board are honoured and privileged to have played a part towards building upon our chapter’s history. We are pleased to have been able to continue to honour the traditions and expectations set by previous Presidents and boards before us. We are also proud to have made our own accomplishments, established our own firsts, and set our own milestones into the contribution of our long standing and reputable chapter’s history.
-
Implementing a Security Framework Based on ISO/IEC 27002
ISACA Vancouver Chapter
Protecting information assets is crucial for many organizations. While most organizations have information security controls in place, they are often not optimally organized and lack cohesiveness.
A presentation of a real-world approach and an example of a journey in assessing, benchmarking, scoping, tracking, reporting, and implementing a security framework based on ISO/IEC 27002, including challenges and lessons learned.
-
B.C. experts fear new computer Trojan a threat to all online commerce
The Vancouver Sun
A secure Internet website no longer guarantees that consumers are safe from thieving hackers who can empty their bank accounts and pilfer their credit cards, British Columbia's Crime Prevention Association warned Thursday.
The association issued the warning following reports of the Silentbanker, a Trojan-horse virus that is stalking computers and giving hackers a front-row seat on transactions between banking customers and their financial institutions.
Projects
-
Better Security Through Collaboration
-
CIOs need to know what happens on the ground with risks and threats — and CISOs are the best people to address any unanswered questions around security. How is security evolving in the changing threat landscape? How can CIOs be effective partners to CISOs and better communicate security together as business leaders? This panel discussion with leading CISOs explores experiences around risk tolerance, the threat landscape and communicating security to the business.
-
Putting Some Intelligence Into Your Risk Assessment
-
When assessing IT security risks, there is clearly no one magic bullet approach. What you’re assessing and why, the industry in which you reside, and your organization’s risk posture are but a few variables that play into how high or low you’re going to go. In pursuit for a more comprehensive, detailed framework, Martin Kyle and Michael Leung teamed up to design a low-level assessment supported by solid underpinnings while also utilizing threat intelligence. In this session, the duo provides an overview of the hybrid framework and shares how the tool has led to cybersecurity success.
-
Credit Union Cooperation Against a Common Threat
-
Security is top-of-mind for every industry. This workshop-style session will help you gain insight and exchange ideas on benchmarking, security awareness, incident response and cloud security with support of Large Credit Union Security Group subcommittee chairs. The credit union community is a leader in information sharing and continues to push itself to collaborate and share in the cybersecurity sphere. Inspired by this robust security community, this exploratory session will allow small groups to focus on one key security issue followed by a group-wide debrief to give you a tangible takeaway or two to strengthen your security program.
-
A Brave New World – The Next Generation of CIO/CISO Partnership
-
In 2014, CIOs and CISOs no longer operate in separate silos. Technology’s heavy-handed influence on business transformation compels the two roles into a critical partnership. CIOs increasingly rely on CISOs to help drive business innovation while CISOs rely on the support of IT to elevate the visibility of information security in their companies and community. Join this lively keynote as a panel of CIOs and CISOs discuss their unconventional techniques to drive collaboration and seamlessly unite disparate areas of the business.
-
Staying Ahead of the Curve – Perspectives from a Lifetime in Security
-
As security leaders cautiously embrace the next wave of mobile devices, Big Data and cloud computing, they are faced with more pervasive threats to the enterprise and an increase in the number of reported data breaches. Attacks targeting high-profile individuals and organizations — from celebrity doxing, hacktivism and DDoS, to nation-state cyber espionage and attacks on critical infrastructure — have the CISO persistently planning for prevention, rather than reaction.
In this fireside question-and-answer session, Howard Schmidt will bring a unique perspective as the former security leader of Microsoft, eBay and the White House, and will explore the current state of cybersecurity, the emerging threat landscape and how to stay ahead of the curve.
-
Managing Security in the Mobile World
-
The explosion of mobile device technology and the significant business opportunities they provide, have CISOs working in overdrive. All too often, attempts to restrict the usage of personalized devices fly out the window as soon as an executive brings their personal tablet to work. Like email and the internet before it, mobility is now pervasive throughout the corporate world. While the possibilities that these devices and technologies afford appear to be increasing at an exponential rate, so too, are the user-endpoints, creating an endlessly complex environment for CISOs to manage — let alone, secure. Join Steve Biswanger, Larry Carson, Jo-Ann Smith and moderator Michael Leung as they discuss the present and future challenges of managing and securing mobilized devices and how leveraging your mobile security strategy can expand your role as a business leader.
Recommendations received
10 people have recommended Michael
More activity by Michael
-
✊ 👨⚖️ 🙏 Are social mood trends #socionomics motivating more #hacktivists? Radware 2024 Global Threat Analysis Report #ddos #appsec #cyberrisk…
Shared by Michael Leung .🇨🇦
-
👺 🤖 Advancements in technology caused a shift in the sophistication and breadth of the threat landscape. Generative artificial intelligence (#AI)…
Shared by Michael Leung .🇨🇦
-
🤗 🤖 😟 👨👩👧👦 Big questions also linger about the organizational readiness to embrace and implement AI in decision making. Seven in 10 CEOs…
Shared by Michael Leung .🇨🇦
-
💥 🦹♂️ Exploitation of vulnerabilities as an initial access step for a breach grew by 180% - almost triple that of last year— fueled in part by the…
Shared by Michael Leung .🇨🇦
-
🦸♂️ ⏱️ Cyber defenders must respond faster. It can take around 55 days for organizations to remediate 50% of critical vulnerabilities after their…
Shared by Michael Leung .🇨🇦
-
😲 ⏱️ The median time for users to fall for phishing emails is less than 60 seconds. Verizon Business 2024 Databreach Investigations…
Shared by Michael Leung .🇨🇦
-
🚀 Attention, business professionals! 🚀 We’re excited to announce the upcoming launch of Writing Business Decision Papers by Erwin Martinez —a…
Liked by Michael Leung .🇨🇦